The well-known IS journalist Brian Krebs drew attention to an interesting fact: this week Microsoft bought the domain Corp.com, so that criminals would not do it. The sum of transaction is not disclosed.Krebs first turned his attention to this domain when a man named Mike O’Connor, who owned it for 26 years, put it up for sale in February this year. Then the domain was put up for auction, and its starting price was $1.7 million.
Speaking with Krebs, O’Connor said he was very worried that the domain would buy Microsoft, but explained that he desperately needed money.
Why is Corp.com so dangerous? The fact is that when setting up Active Directory, many companies’ administrators use it as a stub.
“This problem is known as a namespace collision: when domain names that are intended to be used exclusively on a company’s internal network end up intersecting domains that can resolve onto the open Internet”, – Explains Brian Krebs.
Unfortunately, in earlier versions of Windows with Active Directory support (for example, Windows 2000 Server), “corp” was used as an example or Active Directory path by default, and many companies apparently used this parameter without changing it.
The situation is complicated by the fact that some companies are building or assimilating vast networks based on this erroneous setup.
What happens if an employee who works for a company that uses the Active Directory corp path takes their corporate laptop with them to their local Starbucks?
“Most likely, some resources on his laptop will try to access this internal “corp ”domain. By virtue of how Windows DNS name resolution works, this corporate laptop that has gone online via the Starbucks wireless network is likely to search resources on corp.com”, — says Brian Krebs.
In essence, this means that the person under the control of corp.com can passively intercept the private communications of hundreds of thousands of computers that are outside their corporate environment, where the designation “corp” was used for the Active Directory domain.
In fact, if Microsoft had not acquired the domain, its buyer could use Corp.com to collect passwords, emails, and other sensitive data from a variety of misconfigured corporate machines.
Mike O’Connor, who is 70 years old, says this was one of the reasons for the sale: many computers constantly tried to share data with his domain.
Ok, now Microsoft has corp.com, but it seems that the company has not fixed issues in its problematic subdomains, and I recently wrote about.